
TMCnews Featured Article


September 02, 2010

Food for Telecom Lifecycle Management Thought: Misconfigured Networks Cause Security Breaches

By Rajani Baburajan, TMCnet Contributor


According to Tufin Technologies, a provider of secure telecom lifecycle management solutions, misconfigured networks are the easiest IT resource to exploit and breach.

These are the findings of Tufin's latest annual "hacking habits" survey, which analyzes how trends in the hacking community impact corporate security teams.

The survey carries responses collected from 100 registered security professionals attending the DEF CON 18 conference in Las Vegas last month.

Seventy-three percent of respondents came across a misconfigured network more than three quarters of the time, confirming that it was the easiest IT resource to exploit.

Surprisingly, 58 percent of respondents also viewed network misconfiguration as being caused by IT staffers not knowing what to look for when assessing the status of their network configurations, Tufin officials said.

Reuven Harrison, chief technology officer and co-founder of Tufin, a telecom lifecycle management specialist, said the survey is notable because more than half the survey respondents actually work in corporate IT.

“The really big question coming out of the survey is how to manage the risk that organizations run dealing with the complexity that is part and parcel of any medium-to-large sized company's security operations,” Harrison said.

As an answer to this question, Tufin's DEF CON 18 research revealed that 18 percent of professionals believe misconfigured networks are the result of insufficient time or money for audits. While 14 percent felt that compliance audits that don't always capture security best practices are a factor, 11 percent felt that threat vectors that change faster than they can be addressed play a key role.

The best way to solve this problem is to automate configuration and security management, according to Harrison.

The survey identified that an increasing number of self-described black and grey hat hackers are landing corporate security positions, so the focus has overwhelmingly been on how easily they can break things. However, less than 30 percent of the sample is motivated by the desire to actually fix broken systems.

With 75 percent of respondents calling themselves hackers, network managers need to wake up and smell the coffee on the fact that network misconfiguration is now a primary security issue for their IT staff, according to Harrison.

The realization is made worse by the fact that 57 percent of the security professionals surveyed classified themselves as a black or grey hat hacker, and 68 percent of respondents admitted hacking just for fun, Harrison added.

Another trend noted among the DEF CON 18 attendees is that planting a rogue member of staff inside a company is seen as one of the most successful hacking methodologies, which, according to Tufin, compounds the issues caused by misconfigured systems that the majority of security professionals face on a regular basis.

With networks so easily penetrated, it's no surprise that 88 percent believe the biggest threat to organizations lies inside the firewall, the survey said.

However, 58 percent of attendees said they did not believe outsourcing security to a third party increased the chances of getting hacked, and almost half the sample believe it would not increase the chances of any sort of security or compliance issue.

“This disproves the commonly-held theory that the benefits of outsourcing security are cancelled out by an even greater set of risks,” Harrison said. “Security outsourcing has matured to the point where companies can confidently outsource parts or all of their security operations.”

Security service producers now offer automated tools to help with network management and configuration. “With cloud computing approaching in the fast lane, this has to be good news,” Harrison said.

Recently Tufin announced it has appointed M.Tech, an IT security, application delivery network and video communications solutions distributor, as a Tufin distributor in the Asia Pacific Region.


Rajani Baburajan is a contributing editor for TMCnet.

Edited by Erin Monda


